Pulseway's Active Directory (AD) Management Server Module allows system administrators direct access to quickly resolve the most common problems that users experience in a domain environment, such as password reset and account unlock. Having the capability to unlock users, reset passwords, enable/disable accounts, and add/remove group membership via a mobile device app is a significant time and effort saver. It also boosts user productivity and overall user satisfaction with IT services.
One of the most powerful features of this service is that system administrators can receive notification when a user's account becomes locked. This notification allows system administrators to investigate possible hack attempts versus legitimate lockouts. In either case, the notification is a proactive move toward resolving the issue quickly, when otherwise the user would have to call the help desk. And in the case of a potential attack, the administrators might not know for days.
Active Directory Management Server Module Features:
Enable/Disable Accounts
Reset Passwords
Unlock Accounts
Disable Password Expiration
Require Password Change
Allow Dial-In
Allow Password Change
Set Account Expiration
Add/Remove Group Membership
When users separate from the company, there is an immediate need to disable access to network resources, to sensitive data, and to other company assets. With a few taps an administrator can disable a user's account. There's no need to wait for paperwork or a lengthy process—simply notify the administrator who accesses the Pulseway App and disables the account within seconds of notification.
Setting up the Active Directory Management Capability
To enable the AD Management Server Module:
1. Install the Pulseway agent onto your Active Directory server(s).
2. Open the Pulseway Manager application on the Active Directory server.
3. Select the Server Modules tab.
4. Select the Manage Active Directory checkbox on the AD tab.
5. Optionally select, Require users to change their password at next logon after a password reset.
6. Select Apply or OK to finish.
See Figure 1.
Figure 1: Enabling the Active Directory Server Management Module.
Using the AD Module Service
After you've enabled the AD Management Server Module in the Active Directory Server's Pulseway Manager,
1. Open the Pulseway App on your tablet or mobile phone.
2. Select an Active Directory Server from the list.
3. Scroll down until you see the Active Directory entry and select it.
4. Select the AD domain you wish to manage.
At this point, you have three general options, as shown in Figure 2:
Figure 2: The Active Directory Server Module Options.
Unlocking a Locked User Account
1. Select Locked Users (See Figure 2) to view the user account that is locked out.
2. Select the displayed user account that you wish to unlock.
3. Scroll down until you see the TASKS section as shown in Figure 3.
4. Select Unlock and select Unlock again.
After a brief pause, the Unlock option disappears notifying you that you've successfully unlocked the account.
Figure 3: Displaying TASKS for a locked user account.
Adding a User to an AD Group
1. Select the Search Users option as shown in Figure 2.
2. Enter a user's AD account name, first name, or last name into the search field and then press Search on the on-screen keyboard.
3. Select the user account from the list.
4. Scroll to the GROUPS section on the user's account information page.
5. Select Member of.
6. Tap the (+) symbol in the upper right hand corner of the screen. See Figure 4.
Figure 4: Adding a New Group Membership.
7. Enter the group name into the search field and press the Search button on the on-screen keyboard.
8. Select the group from the list and tap Add Group in the upper right hand corner of the screen.
9. After a moment, the User Groups screen will refresh displaying the user's additional group membership, as shown in Figure 5.
Figure 5: Group Membership Updated.
System administrators can now respond quickly to Active Directory-related user problems via automatic notification and using the Pulseway mobile device app and without having to navigate through an AD server or connecting into the corporate network with a laptop or other device. The administrator can manage common issues remotely and using any available device.